Epe 50 03 Installation 4mb

1
2007 McAfee, Inc.

2008 McAfee, Inc.
McAfee SafeBoot Security
SafeBoot Installation
McAfee World-wide Learning and Development
2007 McAfee, Inc.
Copyright 2008 McAfee, Inc. All Rights Reserved.
Copyright 2008 McAfee, Inc. All Rights Reserved.
The training information provided herein is the property of McAfee, Inc., and is
intended for the sole use of the individual or organization purchasing the
training. Distribution of the training material outside of the purchasing
organization is strictly prohibited.
All information contained herein is subject to change without notice. McAfee is
not responsible for errors or damages of any kind resulting fromuse of the
information contained herein. Every effort has been made to ensure the
accuracy of information presented as factual; however errors may exist.
Users are directed to countercheck facts when considering their use in other
applications. McAfee is not responsible for the content or functionality of any
technology resource not owned by the company.
The statements, comments, or opinions expressed by users through use of
McAfees technology resources are those of their respective authors, who are
solely responsible for them, and do not necessarily represent the views of
McAfee, Inc. and/or its affiliates.
2
2/21/2008
2007 McAfee, Inc.
Objectives
At the end of this section, the student will be able to;
Install the SafeBoot Management Center, including the
SafeBoot Server and SafeBoot Object Directory
Configure the SafeBoot system for use
Create and configure users
Create and configure machines
Create client installation sets
Install SafeBoot Device Encryption client, and SafeBoot
Content Encryption client
Test SafeBoot installations
At the end of this section, the student will be able to;
Install the SafeBoot Management Center, including the SafeBoot Server and SafeBoot Object Directory
Configure the SafeBoot system for use
Create and configure users
Create and configure machines
Create client installation sets
Install SafeBoot Device Encryption client, and SafeBoot Content Encryption client
Test SafeBoot installations
4
2007 McAfee, Inc.
1. Installation
2007 McAfee, Inc.
SafeBoot Installation Sequence of Events
Installation is order-dependent
1. Install the SafeBoot Management Center
2. Create the Object Directory database
3. Create the SafeBoot Server Application
4. Add users to system
5. Setup machine configurations
6. Create Installation Sets
7. Install SafeBoot clients
8. Test
The installation and setup of SafeBoot is order-dependent and must be done in the following
sequence:
1. Install the SafeBoot Management Center
2. Create the object database
3. Create the SafeBoot Server Application
4. Add Users to the System
5. Set Up Machine Configurations
6. Create Installation Sets
7. Install the SafeBoot installClient(s)
8. Test the System
2007 McAfee, Inc.
Installing SafeBoot Management Center
Insert SafeBoot CD
Run setup.exe
Enter Product Code
Read/approve License Agreement
Determine program files to be installed
Choose encryption algorithm
Make token selections or deselect
Make Smart Card reader selections or
deselect
Select Client software
Select Themes
Select Languages
Click Next verify selections
Click Next to create the
installation set
Setup Wizard Completewill
appear
SafeBoot Management Center provides centralized management of the entire SafeBoot network of
users and machines.
1. When you insert the SafeBoot Disk into the CD drive, the various program file folders are
displayed.
2. Select the setup.exefile to start. The Welcome to SafeBoot Installation screen will appear. Click
Next.
3. Enter your product code. The product code will arrive separately from the installation CD, usually
via email. Contact your SafeBoot sales representative if you need further clarification or you lose
your product code.
4. Read and approve the license agreement, click Yes to proceed.
5. Determine where you want the program files to be installed. Click Next.
6. Choose an encryption algorithm. If you are unsure, or have nopreference, then select the default
AES (FIPS 256) or the algorithm that matches your companys security policies.
7. There are many types of components that you can select from the Optional Components window:
a. Tokens: If you are not using physical tokens, uncheck all boxes for this option. Otherwise, select
the type of device used to store the token.
b. Smart Card Readers: If you plan to use hardware devices to store tokens, you will need to select
the type of reader to be used on both the administration system and the client systems. Deselect all
the readers if they are not required.
c. SafeBoot Device Encryption: Deselect this option if you are not installing Device Encryption.
d. Device Encryption Themes: Select the pre-boot graphic theme you would like to appear on your
client machines.
Note: you can insert your own graphics. Contact SafeBoot for further instruction.
e. Device Encryption / Content Encryption Client Languages: SafeBoot supports multiple languages.
Specify the language, or languages, required for your client machines. When you have selected your
components click on Next.
Continued Next Slide
2007 McAfee, Inc.
Installing SafeBoot Management Center
Insert SafeBoot CD
Run setup.exe
Enter Product Code
Read/approve License Agreement
Determine program files to be installed
Choose encryption algorithm
Make token selections or deselect
Make Smart Card reader selections or
deselect
Select Client software
Select Themes
Select Languages
Click Next verify selections
Click Next to create the
installation set
Setup Wizard Completewill
appear
Continued From Previous
8. The Start Copying Files window provides you with the opportunity to review your choices before
actually installing the SafeBoot software. Review this list carefully.
a. If you want to make changes, simply hit the Back button until you get to the appropriate
window.
b. Make your changes.
c. Continue to click the Next button until you reach the Start Copying Files screen. If you wish,
review your configuration again.
9. Click on Next to create the installation set. This takes just a couple of minutes.
10.SafeBoot will display the Setup Wizard Complete when the installation has finished. Click the
Finish button to complete the process.
11.Restart the computer if required.
2007 McAfee, Inc.
Installation Product Code
Product Code
will activate the
different
SafeBoot
Products
Enter your product code. The customers product code will arrive separately from installation CD,
usually via email.
2007 McAfee, Inc.
Installation License Agreement
Click Yes on the License agreement.
2007 McAfee, Inc.
Installation Program Destination
Select the location where you want SafeBoot installed.
2007 McAfee, Inc.
Installation Algorithm choice
During Installation
the customer can
choose the
algorithm
appropriate for
their environment
Choose an encryption algorithm. If you are unsure, or have no preference, then select the default
AES (FIPS 256) or the algorithm that matches your companys security policies.
2/21/2008
12
2007 McAfee, Inc.
Installation - Components
Tokens: If you are not
using physical
tokens, uncheck all
boxes for this option.
Otherwise, select the
type of device used
to store the token
There are many types of components that you can select from the Optional Components window:
a. Tokens: If you are not using physical tokens, uncheck all boxes for this option. Otherwise, select
the type of
device used to store the token.
2/21/2008
13
2007 McAfee, Inc.
Smart Card Readers:
If you use hardware
devices to store
tokens, select the
type of reader to be
used on both
administration system
and client systems.
Deselect all the
readers if they are
not required
b. Smart Card Readers: If you plan to use hardware devices to store tokens, you will need to select
the type
of reader to be used on both the administration system and the client systems. Deselect all the readers
if they
are not required.
2/21/2008
14
2007 McAfee, Inc.
Device Encryption
Client Languages:
SafeBoot supports
multiple languages.
Specify the language,
or languages, required
for your clients
c. Device Encryption Client Languages: SafeBoot supports multiple languages. Specify the language,
or languages, required for your clients.
2/21/2008
15
2007 McAfee, Inc.
Content Encryption
Client Languages:
SafeBoot supports
multiple languages.
Specify the language,
or languages,
required for your
clients
Content Encryption Client Languages: SafeBoot supports multiple languages. Specify the language,
or languages, required for your clients.
2007 McAfee, Inc.
Installation Start Copying Files
Verify the components to install and click Next.
2007 McAfee, Inc.
Installation Setup Status
The Setup Status dialog will appear showing the progress of the installation.
2007 McAfee, Inc.
Installation Setup Complete
The Setup Wizard Complete dialog will appear once SafeBoot has completed installing. Click Finish.
2007 McAfee, Inc.
Installation Create the Object Directory
Object Directory database a.k.a. SafeBoot Administration
database
Required to store security information for SafeBoot
One-time setup requirement Run SafeBoot Admin
Console
Select Start
Select Programs
Select SafeBoot Administration Tools
Select SafeBoot Administration
To use the SafeBoot Management Centre, you must first configure the SafeBoot Administration
Database (Object Directory database). The object database is a repository for all the security
information (keys, policies, etc.) used in SafeBoot. The SafeBoot Administration System (SBAdmin)
provides the interface for configuring this database. The SafeBoot Administration Database and the
SafeBoot Management Centre tools must reside on the same computer.
Creating the object database is a one-time setup requirement. The only time you will be given the
option to create the database is the first time you run the SafeBoot Administration Tools. To start the
process:
1. Click the Start menu.
2. Select Programs.
3. Select "SafeBoot Administration Tools.
4. Select SafeBoot Administration.
2007 McAfee, Inc.
Installation Create Object Directory
The Create SafeBoot Database dialog will appear. Select the default Description and Driver. Set the
data path as desired, or use the default path. Click Next.
2007 McAfee, Inc.
Installation User and Machine Groups
SafeBoot creates
several logical
groups by default
You can add, edit,
or remove groups
during Object
Directory creation
As with many network applications, you can define users individually or within groups. The same
concept applies to SafeBoot users and machines (devices) that are attached to the network.
SafeBoot creates several default groups during installation. If you want, you can add, edit or remove
groups when creating the Object Directory.
2007 McAfee, Inc.
Installation Set SafeBoot Administrator
SbAdmin is default root
administrator name
Enter and re-enter
administrative password
for the root
administrator
NOTE: Because
hardware tokens were
deselected, Password
Only Token is the only
available option
SbAdminis default root administrator name and it will automatically appear in the Root User dialog
box.
Enter and re-enter administrative password for the root administrator here. This will be the Root
Administrator login moving forward.
NOTE: Because hardware tokens were deselected during the component selection, Password Only
Token is the only available option for token on our screen.
2007 McAfee, Inc.
Installation Program Files / File Groups
SafeBoot program
(and other) files
can be stored in
Object Directory
Used for updating
install sets to client
machines
SafeBoot program files, as well as other program files, can be stored within the SafeBoot Object
Directory. This simplifies the distribution and updating of install sets for client machines.
The Program Files dialog lists all of the files that should be stored within the object database. Accept
the list that is presented by clicking Next. You can add, edit or remove program files by selecting
the appropriate buttons.
2007 McAfee, Inc.
Installation Create New Database
Click Finish on the Create New Database dialog. The SafeBoot Object Directory database will be
created and the status will display in the Creation Status window.
2007 McAfee, Inc.
Installation Create New Database
Once the Object Directory has been created, the Database creation complete dialog will appear.
Click OK.
2007 McAfee, Inc.
Installation Login to the Object Directory
You will be prompted to authenticate with the new Object
Directory
Login with the root
administrator credentials
created earlier, by default
SbAdmin
Once authenticated, the
SafeBoot Administration
Console will launch
You will be prompted to authenticate with the new Object Directory Login with the root
administrator credentials created earlier, by default SbAdmin. Once authenticated, the SafeBoot
Administration Console will launch.
2007 McAfee, Inc.
Installation SafeBoot Administration Console
SafeBoot Administration Console
2007 McAfee, Inc.
Installation SafeBoot Server
To create the SafeBoot
Server;
In the Admin Console, select
the System Tab
Expand the SafeBoot Server
group tree in the left navigation
pane
Double-click on SafeBoot
Servers
Right-click in the SafeBoot
Server Groups window and
select New Server
The SafeBoot system requires a communication server to handle the exchange between the client
machines and the SafeBoot Object Directory. To create this server:
In order to create the SafeBoot Server;
1. In the Administration Console, select the System Tab
2. Expand the SafeBoot Server group tree in the left navigation pane
3. Double-click on SafeBoot Servers
4. Right-click in the SafeBoot Server Groups window and select New Server
2007 McAfee, Inc.
Installation New Server
Enter the information for the
new server;
Name
IP Address (if needed)
Port (if needed)
Diffie-Hellman key size
Server Description
Add to available database
connections
Enter the information for the new server;
Name the server
IP Address (if needed)
Port (if needed) SafeBoot Server uses 5555 by default
Diffie-Hellman key size
Server Description
Add to available database connections.
Click OK and the Creating SafeBoot Server dialog appears as the server keys are generated. This
process can take a few minutes.
2007 McAfee, Inc.
Installation New Server
The new server will appear in
the SafeBoot Server Groups
window
The new server will appear in the SafeBoot Server Groups window
2007 McAfee, Inc.
Installation Start SafeBoot Server
In order to start the SafeBoot Server;
Select Start
Select Programs
Select SafeBoot Database Server
In order to start the SafeBoot Server;
Select Start
Select Programs
Select SafeBoot Database Server
2007 McAfee, Inc.
Installation Start SafeBoot Server
Authenticate with the root
administrator credentials
Select the Server
configuration to use
Authenticate with the root administrator credentials created previously.
Next, select the configuration to use for this server. In this example, there is only one configuration
created and it is the default.
You may want to choose Use these settings automatically if you will always use this configuration
for this server.
2007 McAfee, Inc.
Installation SafeBoot Server Window
The SafeBoot Database Server
window will open
The SafeBoot Database Server window will open.
2007 McAfee, Inc.
Installation Start SafeBoot Server as a Service
To configure the SafeBoot Server to start as a service;
In the SafeBoot Database Server, select File ->Start Service
Verify that you wish to
start as a service
To configure the SafeBoot Server to start as a service;
In the SafeBoot Database Server, select File ->Start Service
Verify that you wish to start the SafeBoot Server as a service.
2007 McAfee, Inc.
Installation Server Service
Once complete you will
see SbDbServer.exe in
Task Manager
Appears as Automatic
service in Windows
Services
Once you have verified that you want to start SafeBoot Server asa service, you will see the
SbDbServer.exeprocess in Task Manager. The SafeBoot Database Server is listedin Windows
Services with automatic start-up.
2007 McAfee, Inc.
Installation Create Users
To create users;
In the SafeBoot Administration Console, on the Users tab,
expand SafeBoot User Groups
Double-click a user group, for example, SafeBoot Users
Right-click in the user group window and select Create
User
All users need
accounts
Windows Mobile
devices are treated
as machines
All users of the SafeBoot system need their own account, with the exception of Windows mobile
devices, as these are treated as machines.
2007 McAfee, Inc.
Create User dialog displays
Enter user name this will be
their SafeBoot Login name
Add identifying information for
HelpDesk
To complete the process, the Create User window is displayed.
a. Enter a name for the user. They will use this to log in.
b. Add identifying information for authenticating a user when they need assistance from the
helpdesk.
c. The identifying information can be edited or cleared when required.
2007 McAfee, Inc.
The new
user will
appear in
the User
Group
Window
The new user will appear in the User Group Window.
2007 McAfee, Inc.
Installation New User Properties
To view/modify user properties, right-click on the user
entry in the User Group window, and select Properties
To view/modify user properties, right-click on the user entry in the User Group window, and select
Properties.
2007 McAfee, Inc.
The User
Properties dialog
displays
Note attribute
categories in left
pane
The User Properties dialog will display showing the users attribute information.
Note the attribute category icons in the left navigation pane that allow you to view several different
areas of user attributes.
2007 McAfee, Inc.
Select the Admin
Rights icon
Set the
appropriate
Administration
Level for this
user
(recommend 1
for normal users)
If you select the Admin Rights icon in the navigation pane, you can set the appropriate
Administration Level for this user. We recommend a level of 1 for normal users.
2007 McAfee, Inc.
Installation Setup Machine Groups
Select Devices Tab
Expand Machine Groups
tree
Double-click machine
group
Right-click in group
window, select Create
machine
The next step is to create a machine group and set its configuration:
From the SafeBoot Administration Console, select the Devices tab
Expand the SafeBoot Machines Groups tree
Double-click the SafeBoot Machines group this will open the SafeBoot Machine
Group window
Right-click in the SafeBoot Machine Group window and select Create Machine
2007 McAfee, Inc.
Installation Create New Machine
The Create New Machine dialog appears
Enter the machine name
Enter a description if desired
The Create New Machine dialog will appear. Enter the name of themachine to add to the group, and
a description if desired. Click OK.
2007 McAfee, Inc.
Installation Machine Groups
The new machine
will appear in the
machine group
window
The new machine will appear in the machine group window, in thiscase, the SafeBoot Machines
group.
2007 McAfee, Inc.
Installation Machine Properties
To view the properties
for the machine, right-
click and select
Properties
The machine properties window
appears
To view the properties of the machine, right-click the machine entry in the group window and select
Properties. The properties window for the selected machine will appear.
2007 McAfee, Inc.
Installation Machine Properties
Select the Options that
you want to enforce for
this machine
Click Apply
Close
In the machine properties window, select the SafeBoot Option that you want to enforce for this
machine in the Option window, and click Apply. Close the properties window.
2007 McAfee, Inc.
Installation Add Users to Machine Groups
Add user(s) to machines
Right-click the machine
group and select Properties
Users must be added to a machine group in order to log in to a protected machine. You can add
individual users or the entire group of users to a machine group.
To add users to a machine group, right-click the machine group in the navigation pane and select
Properties.
2007 McAfee, Inc.
Select the group, or
user(s) to add and
click OK
Click Apply
In group properties,
select Users
Click Add
Select User Group,
or user and click OK
Once the machine group properties window appears, Select the User category and Click the Add
button. To add an entire user group, select the group and click Ok. To add one user at a time, select
the group from the object tree and choose the user from the right hand pane of the Select Users
window.
2007 McAfee, Inc.
The user will appear
in the users list of the
machine group
properties window
The user will appear in the users list of the machine group properties window.
2007 McAfee, Inc.
Installation Create DE Client Installation Sets
Client files for install set
reside in Object
Directory
From Admin Console;
On the Devices tab, right-
click the machine group
Select, Create installation
set
For Device
Encryption
The files necessary for creating the install set are located in the SafeBoot Administration Database.
The install set is associated with the machine level functions.
From the SafeBoot Administrator window:
On the Devices tab, right-click the machine group you are creating the installation
set for
Select Create Installation Set
2007 McAfee, Inc.
Select Online or
Offline installation
Since we have a
communication
server, select
Online
Object Directory
must be available
to client for Online
install
In a previous step, we set up a communications server, so we usethe Online install method. The
client machine must be able to access the SafeBoot Object Directory at install for Online
installations.
2007 McAfee, Inc.
Select the SafeBoot
communication
server the client
should use
Check the server created to handle the communications between client machines and the SafeBoot
Administration Database. Click Next.
Keep in mind that this server will be remote from the clients. You need to create an install set for
each machine group that you have created.
In large scale network installations you may have more than one server running. Clients will select
the best connection from the available servers to perform the synchronization function.
2007 McAfee, Inc.
Set install set file
path
Select client
installation path
Note silent install
and restart options
Click Finish
On the Create Install Set dialog, you can set the path where theinstall set files will be created, as well
as the client installation path.
Note that you can also option a silent install and automatic client restart. For testing, DO NOT select
either the Silent Installation option or the Automatic Restart. You will want to monitor the
install, and selecting either of these options does not allow you to monitor the success of the
installation.
Click Finish.
2007 McAfee, Inc.
You will see
SafeBoot
performing the
Installation Set
creation in the
status window
You will see SafeBoot performing the Installation Set creation in the status window. Once the Install
Set Creation Complete dialog displays, the installation set files have been written to the install set
path specified.
Click OK.
2007 McAfee, Inc.
SafeBoot DE Installation
Set file;
SAFEBOOT5x.exe
Located in the folder
specified in the Create
Install Set dialog
Distribute via CD,
network share, login
script, etc. or use with
MSI wrapper
The SafeBoot Device Encryption for PC installation set file, SAFEBOOT5x.EXE will appear in the
folder specified previously.
This file can be written to CD or other removable storage and manually installed on the machines, or,
installed by other distribution method such as logon scripts, network shares, or provided with an msi
wrapper for use with 3
rd
party software distribution systems.
2007 McAfee, Inc.
Installation Create CE Client Installation Sets
Client files for install set
reside in Object
Directory
From Admin Console;
On the Policies tab, right-
click the policy group
Select, Create installation
set
For Content
Encryption
The files necessary for creating the install set are located in the SafeBoot Administration Database.
From the SafeBoot Administrator window:
On the Policies tab, right-click the policy group you are creating the installation set
for.
Select Create Installation Set
2007 McAfee, Inc.
Select the file
groups you want to
include in the client
Select what file groups you want to include in the client. For abasic test installation, only select
SafeBoot Content Encryption for PC client files.
2007 McAfee, Inc.
Select the
SafeBoot
communication
server the client
should use
Select what SafeBoot communication server shall be used by the client.
2007 McAfee, Inc.
Set install set file
path
Set client
installation path
Note uninstall
password option
Note silent install
and automatic
restart options
Set the path where the Content Encryption installation set file should be created
Set the client installation path
Note that you can specify a required password for uninstalling the client
Note the Silent install and automatic restart options. Do not use these options for test installations.
Click Finish.
2007 McAfee, Inc.
The install set creation status will display in the window. Install set creation complete dialog appears
once the install set file has been created.
2007 McAfee, Inc.
SBCE.EXE SafeBoot Content
Encryption install set file
appears in the specified folder
Distribute via CD, network
share, login script, etc. or use
with MSI wrapper
The SBCE.EXE install set file for Content Encryption appears in the folder specified previously.
This file can be written to CD or other removable storage and manually installed on the machines, or,
installed by other distribution method such as logon scripts, network shares, or provided with an msi
wrapper for use with 3
rd
party software distribution systems.
2007 McAfee, Inc.
Creating Encryption Keys for SafeBoot CE
Encryption keys are used to mathematically scramble
data
Client must have access to key to decrypt data
Keys needed for each group of users
Example: Human Resources key available to HR members only
Many keys can be created depending upon security
needs
H
R
H
R
Encryption keys mathematically scramble data so that it cannot be read. Without access to the
encryption key the information cannot be read.
SafeBoot Content Encryption requires encryption keys for each group of users that will share
restricted data. For example, if Human Resources wants to encrypt the information on their network
shares to protect it from all other departments, an encryption key for HR will have to be created and
distributed to each HR employee.
You can create many keys to protect different classes of data, depending upon your security
requirements.
2007 McAfee, Inc.
To create a new encryption key;
First, create a new Encryption Keys group
Navigate to the Policies tab in the SafeBoot
Administration Console
Right-click on the Encryption Keys Groups
node, select Create Group
Enter Group
name &
Description
To create a new encryption key, you must first create an Encryption Keys group.
Navigate to the Policies tab in the SafeBoot Administrator.
Right-click on the Encryption Keys Groups node and select Create Group.
The New Group dialog appears, enter a name and description for the new
Encryption Key Group.
Click OK.
2007 McAfee, Inc.
The new key group will appear in the tree
Double-click it to open the key group window
The new Encryption Key Group will appear in the tree view of thenavigation pane. Double-click the
new group entry to open the key group window for that group.
2007 McAfee, Inc.
Right-click in the new Encryption Key group and select Add key
Provide key Name,
Algorithm & Description
To create a new key in the Encryption Key group, right-click in the group window and select Add
Key.
The New Key Object dialog appears. Enter a name for the key.
Select the algorithm to use for encryption.
Enter a description for this key.
Click OK.
2007 McAfee, Inc.
The new key will appear in the
Encryption Keys Group window
The new key will appear in the Encryption Keys Group window.
2007 McAfee, Inc.
To set validity and assign
users to the key, right-
click the key and select
Properties
Set the date the key
expires under Expiry
Youll need to set the validity for the key, as well as assign users.
To set the expiration date, click the pull-down under Expiry and select the date from the calendar
applet.
2007 McAfee, Inc.
To allow the key to be
used by machines that
are offline, select Allow
key to be cached locally
To allow the key to be used by machines that are offline (not network connected), select Allow key
to cached locally under Caching.
2007 McAfee, Inc.
Select the Users icon
New keys default to All
SafeBoot Users
To assign specific users,
click the Add button
NOTE: Once specific
users are assigned, only
users on the list can
change key properties
Add the Administrator!
To assign users to a key, select the Users Icon from the Key Properties window. Note that new keys
default to an assignment of All SafeBoot Users.
To assign the key to specific users, click the Add button.
IMPORTANT NOTE: Once specific users have been assigned to a key, only users on the list can
change the key properties. Be sure to add the SafeBoot Administrator to the users list for this key.
2007 McAfee, Inc.
Select users to assign
Remember the Admin!
Select the user(s) to assign and click OK. Dont forget to add the SafeBoot Administrator.
2007 McAfee, Inc.
The users assigned
will appear on the
properties for the
key
Note that All
SafeBoot Users is
automatically
removed
The users you selected will appear under, Restrict Access To in the key properties window. Notice
that the entry for All SafeBoot Users has automatically been removed.
Click Apply and then Close.
2007 McAfee, Inc.
Creating Encryption Policies SafeBoot CE
Polices determine allowed user actions
Control automatic encryption
File types, folders, etc
Automatic encryption of removable media available
New policies prevent critical operations by default
Edit the policy to allow access to SafeBoot CE functions
SafeBoot Content Encryption Policies define what functions a user can perform with the SafeBoot
CE Client. For example, the users ability to create their own encrypted files can be switched off, as
can the user's ability to manually decrypt data; however, you donot need to be able to decrypt a file
to access it.
SafeBoot CE policies also control the automatic encryption of information. For example, you can
specify that all .doc files should be created as encrypted, or all files in My Documents should be
encrypted, or, a folder on a network share.
A policy may also specify that data written to removable media, such as USB memory devices and
removable hard disks shall always automatically be encrypted.
The default settings for a new policy group, or new policy object, prevent any sensitive/critical
operation. If you want to allow access to the functions of SafeBoot CE you need to change the
settings of the corresponding policy.
2007 McAfee, Inc.
On the Policies tab, right-click
Content Encryption Policy
Groups
Select Create Policy Group
On the Policies tab, right-click Content Encryption Policy Groups. Select Create Policy Group.
2007 McAfee, Inc.
Enter a name and description for
the new Policy Group
Enter a name and description for the new Policy Group.
2007 McAfee, Inc.
The new Policy Group window will
appear
To add a new policy, right-click in the
window and select Add
The new Policy Group window will appear. To add a new policy, right-click in the window and
select Add.
2007 McAfee, Inc.
Provide a name and description for the new Policy
Provide a name and description for the new Policy.
2007 McAfee, Inc.
The new policy will appear in the Policy Group window
Double-click the policy to view the properties
The new policy will appear in the Policy Group window. Double-click the policy to view the
properties.
2007 McAfee, Inc.
Select the policy options that
you want from the categories
available
Click Apply and Close
Select the policy options that you want from the categories available. Click Apply and Close.
2007 McAfee, Inc.
Assigning Policies to Users
From the Users tab, find the
user in the group you wish to
assign and view the
properties
Click the Policies icon
Click the Add button
From the Users tab, find the user in the group you wish to assign and view the properties. Click the
Policies icon.
2007 McAfee, Inc.
Assigning Policies to Users
Select the policy to assign and click
OK
Select the policy to assign and click OK.
81
2007 McAfee, Inc.
2. Client Installation
2007 McAfee, Inc.
SafeBoot Client Installation
SafeBoot Device Encryption client
SafeBoot Content Encryption client
Installed from previously created installation sets
Install options;
Manual via removable media
Manual via Network share
Login Script
MSI Wrapper/3
rd
party distribution
The next step is the installation of the SafeBoot Device Encryption client, and the SafeBoot Content
Encryption client, using the installation sets previously created.
You can manually install the clients, or use other common methods such as executing from a network
share or via a login script. For larger deployments, using a 3
rd
party distribution mechanism such as
SMS would be recommended.
2007 McAfee, Inc.
SafeBoot Client Installation
In this example, the installation set files have been placed in a network share called SafeBootShare.
The client installation will be executed at the client from thisshare.
2007 McAfee, Inc.
SafeBoot Device Encryption Client Install
Double-click SAFEBOOT5x.EXE from the share
Double-clicking the SAFEBOOT5x.EXE install set launches the SafeBoot DE client installation.
Once complete, the Setup Complete dialog appears. SafeBoot Device Encryption client has been
installed.
2007 McAfee, Inc.
SafeBoot Content Encryption Client Installation
Double-click SbCE.EXE from the share to launch the
installer Click Next
To install the SafeBoot Content Encryption Client, double-click the SbCE.EXE installation file from
the share and click Next. The SafeBoot CE Installer will run.
2007 McAfee, Inc.
SafeBoot Content Encryption Client Installation
Once CE is installed, the Setup Complete dialog appears
Restart the machine
Once SafeBoot Content Encryption client has been installed, the Setup Complete dialog appears.
Restart the machine to complete the installation.
2007 McAfee, Inc.
SafeBoot Login
After restart SafeBoot login
appears
Default password 12345
Set new, unique password
After the machine restarts, the SafeBoot login screen will appear. Use the default password of
12345 for the initial login, and then change the password when prompted.
88
2007 McAfee, Inc.
End Module
SafeBoot Installation

Epe 50 03 Installation 4mb

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Epe 50 03 Installation 4mb

Hochgeladen von

Copyright:

Verfügbare Formate

1

2007 McAfee, Inc.

Das könnte Ihnen auch gefallen